- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-03-2023 12:39 AM
Hello,
1. If we create a policy related to scanning of endpoints and apply that policy in all the machine and run it on all the machine at the same time. Is it this method possible? Will it create any issue?
2. Pop up messages to users for malicious files during malware scans - Is this possible? If yes, is it documented? please share.
3. What is the mechanism behind XDR Scan? is it doing Wildfire check or some verdict check? or is Sandboxing also performed?
01-03-2023 02:54 AM
Hi @Aiman_Fathima ,
Thank you for writing to Live community!
I will answer your queries sequentially:
Hope this helps!
Please mark the solution as "Accept as Solution" if it answers your query.
Regards
01-03-2023 02:42 AM
1 - Yes thats totally possible. Any part is relative and needs explanation from you but generally, We are not expecting an issue with scanning endpoints.
2 - You can check all agent console notification settings from "Endpoints > Policy Management > Profiles > Agent Settings > User Interface". If XDR is blocked malicious activity, There'll be popup on endpoint.
3 - Scanning means is to find dormant malware that is not actively attempting to run. Process will be similar which is mentioning in the document below. XDR will query hash on the WF and if hash is not cached on the WF side, will upload file to WF. and Yes, WF one of the feature of Wildfire is Sandboxing.
01-03-2023 02:54 AM
Hi @Aiman_Fathima ,
Thank you for writing to Live community!
I will answer your queries sequentially:
Hope this helps!
Please mark the solution as "Accept as Solution" if it answers your query.
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!